CFA Institute

www.cfainstitute.org

1 Job

2,523 Employees

About the Company

Our members and charterholders advance market integrity, trust, and transparency in their professions to build more sustainable, inclusive, and prosperous societies.
With a heritage of over 75 years, CFA Institute has 200,000 members in 160 locations around the world, providing an unparalleled network of visionary leaders.
Our rigorous CFA Institute qualifications and education offerings are designed to support professionals in their practice areas and build confidence with our clients and partners.
Our world-class Research & Policy Center offers an unbiased forum for industry leaders, regulators and subject matter experts to help shape policy and drive positive change.
As we are faced with increasingly complex challenges such as climate change, inequality, geopolitical conflicts and much more, we are focused on collaborating with current and future members to set and uphold standards to ensure positive, sustainable progress around the globe.

CFA® is a registered trademark of CFA Institute.

Listed Jobs

Company Name
CFA Institute
Job Title
Senior Manager Third-Party Cybersecurity Risk
Job Description
Job title: Senior Manager, Third‑Party Cybersecurity Risk

Role Summary: Lead the design, implementation, and continuous improvement of a third‑party cybersecurity risk management program across the entire vendor lifecycle, integrating security requirements into procurement, contracting, and onboarding while ensuring compliance with applicable regulations and standards.

Expectations: Deliver measurable risk reductions, maintain regulatory and industry standard compliance, provide executive‑level risk dashboards, and act as the primary cyber risk liaison across the organization.

Key Responsibilities:
- Design, implement, and mature the TPRM program across all vendor stages.
- Conduct due diligence, risk assessments, and establish risk ratings, KRIs, and escalation protocols.
- Embed security requirements into sourcing, contracting, and onboarding in partnership with procurement and legal.
- Recommend, track, and close remediation actions; implement continuous monitoring for critical suppliers.
- Build dashboards and metrics to communicate exposure and support leadership decision‑making.
- Align the program with GDPR, CCPA, NIST CSF, ISO 27001, SOC 2, and other frameworks; support internal and external audits.
- Serve as the primary point of contact for third‑party cyber risk, educate stakeholders, and champion best practices.

Required Skills:
- 5–8 years of cybersecurity or vendor risk management experience with direct ownership of third‑party risk.
- Strong knowledge of NIST CSF, ISO 27001, and risk assessment methodologies.
- Familiarity with SOC 2, HIPAA, PCI DSS, and other compliance frameworks.
- Excellent stakeholder management, influence, and communication abilities.
- Analytical, detail‑oriented, and adept at balancing risk with business objectives.
- Experience developing KRIs, dashboards, and continuous monitoring for supplier risk.

Required Education & Certifications:
- Bachelor’s degree in cybersecurity, information systems, risk management, or related field (or equivalent experience).
- Professional certifications preferred: CISM, CRISC, or CTPRP (or equivalent).
Charlottesville, United States
Hybrid
Senior
23-11-2025